Authenticating from a mobile app return a 302 status

[mildo]

The server side of the solution is using Spring security to authenticate it's users. When I try to login from the web page works fine but when I try the same from the mobile app, it receives a 302 http status.

This is the security context I'm using

<security:http auto-config="true" lowercase-comparisons="false" use-expressions="true" >
<security:intercept-url pattern="/app/**" access="isAuthenticated()" />
<security:access-denied-handler error-page="/services/security/deniedAccess.json" />

<security:form-login login-page="/app/login.html" login-processing-url="/app/loginProcess"
default-target-url="/app/home.html"
authentication-failure-url="/services/security/deniedAccess.json" />

<security:logout logout-success-url="/app/login.html" logout-url="/app/logout.html" />
</security:http>


<bean id="sessionRegistry" class="org.springframework.security.core.session.S essionRegistryImpl"/>

<!-- Override the default password-encoder (SHA) by uncommenting the following and changing the class -->
<bean id="passwordEncoder" class="org.springframework.security.authentication .encoding.ShaPasswordEncoder" />

<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userSecurityService">
<securityassword-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>
<security:global-method-security secured-annotations="enabled" />

</beans>

[evilcouncil]

You need a different set of filters for processing mobile authentication requests. The web page filters will always perform a server-side redirect (302 HTTP Status) no matter if the authentication was successful or not.